`ssh-add -l` displays that I have 3 RSA keys added to my SSH agent. `ssh-add -L` displays the public keys. How do I get the private keys as well, so that I can save them to a file? Or is it by design that this is impossible, i.e. ssh-agent can be asked to do operations using the private key, but it will never return the key itself? If it is so, then how can I ask it to encrypt/decrypt a number for me?

It's OK that I have to write code for this (the programming language doesn't matter), but I'd prefer using an existing tool or a library.

A: 

This is more a sysadmin question, but just look in `~/.ssh/id_rsa` or `id_dsa` for the private keys. They had to get into ssh-agent in the first place...

Zak
I know about the `~/.ssh/id*` files, and I don't care about them. I want to get access to the keys in the *memory* of an ssh-agent.
pts
A: 

I've just found a very good explanation about how ssh-agent works: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html . This partially answers some of my questions.

  • One of the more clever aspects of the agent is how it can verify a user's identity (or more precisely, possession of a private key) without revealing that private key to anybody.

  • One of the security benefits of agent forwarding is that the user's private key never appears on remote systems or on the wire, even in encrypted form.

pts
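The behaviour the second answer quotes can be seen directly on the wire. What follows is an added example, not code from the thread or from OpenSSH: a minimal client for the SSH agent protocol (the `SSH_AGENTC_REQUEST_IDENTITIES` and `SSH_AGENTC_SIGN_REQUEST` messages) written in Python with only the standard library. It assumes a running OpenSSH-compatible agent reachable through `$SSH_AUTH_SOCK`; the message numbers and framing are those of the published agent protocol, and the sample messages in the comments are constructed by hand. The point it demonstrates is that the client identifies a key by its public blob and receives a signature back, and that the protocol has no message that hands a private key to the client: the SSH2 agent protocol exposes signing and nothing else, so "encrypt/decrypt a number" is not something the agent will do for you.

```python
import os
import socket
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH 'string': big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (value, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_identities_request() -> bytes:
    """Framed SSH_AGENTC_REQUEST_IDENTITIES (the message behind `ssh-add -l`)."""
    return ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Framed SSH_AGENTC_SIGN_REQUEST. The agent receives the *public* key blob
    (to select which private key to use), the data to sign and flags
    (0 for the key's default algorithm; 2 asks an RSA key for rsa-sha2-256).
    The private key never crosses the socket in either direction."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST])
            + ssh_string(key_blob) + ssh_string(data) + struct.pack(">I", flags))
    return ssh_string(body)


def parse_identities_answer(msg: bytes):
    """Parse an unframed SSH_AGENT_IDENTITIES_ANSWER into [(key_blob, comment)]."""
    if not msg or msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    return keys


def parse_sign_response(msg: bytes):
    """Parse an unframed SSH_AGENT_SIGN_RESPONSE into (signature_type, raw_signature).
    Anything else (typically SSH_AGENT_FAILURE, e.g. unknown key or a declined
    `ssh-add -c` confirmation prompt) is reported as a refusal."""
    if not msg or msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("agent refused to sign (SSH_AGENT_FAILURE or unexpected reply)")
    sig_blob, _ = read_string(msg, 1)          # the signature is itself an SSH blob:
    sig_type, off = read_string(sig_blob, 0)   #   string algorithm name
    sig, _ = read_string(sig_blob, off)        #   string signature bytes
    return sig_type.decode(), sig


def recv_exact(s: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the socket")
        buf += chunk
    return buf


def agent_exchange(request: bytes, sock_path: str = None) -> bytes:
    """Send one framed request to the agent and return the reply without its length prefix."""
    path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(request)
        (n,) = struct.unpack(">I", recv_exact(s, 4))
        return recv_exact(s, n)


def sign_with_agent(data: bytes, key_index: int = 0):
    """Ask the agent to sign `data` with its key_index-th loaded key."""
    keys = parse_identities_answer(agent_exchange(build_identities_request()))
    blob, comment = keys[key_index]
    return comment, parse_sign_response(agent_exchange(build_sign_request(blob, data)))


if __name__ == "__main__":
    # Requires a live agent with at least one key; see `ssh-add -l`.
    comment, (sig_type, sig) = sign_with_agent(b"hello")
    print(comment, sig_type, sig.hex())
```

Verifying the returned signature needs the public key from `ssh-add -L` and a library such as `cryptography` or `ssh-keygen -Y verify`; that step is deliberately left out here so the block runs with the standard library alone. If the key was loaded with `ssh-add -c`, the agent will prompt for confirmation before answering the sign request and return `SSH_AGENT_FAILURE` if it is declined.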